Overview

The FHA risksheet is a 12-column analysis tool designed for hazard identification and safety requirement allocation. It organizes failure conditions by system function, flight phase, and effect, then allocates Design Assurance Levels (DAL) and safety requirements per ARP 4761 classification standards.

Column Structure

System Information

| Column | Type | Default | Description |
|---|---|---|---|
| Item Id | Link | See application | System element or function identifier linking to the parent system. Establishes the scope of the FHA analysis. |
| Failure Condition | Text | (required) | Title of the identified failure condition. Must clearly describe the system state that violates operational or safety requirements. |

Failure Identification

| Column | Type | Default | Description |
|---|---|---|---|
| Flight Phase | Enumeration | See application | Phase of flight when the failure condition occurs: pre-flight, takeoff, climb, cruise, descent, landing, post-flight, or continuous. |
| Effect Description | Text | (required) | Detailed description of the consequence of the failure condition on aircraft, crew, passengers, or operations. Must address safety impact per ARP 4761. |

Classification and DAL

| Column | Type | Default | Description |
|---|---|---|---|
| Severity Classification | Enumeration | See application | ARP 4761 classification: Catastrophic, Hazardous, Major, Minor, or No Safety Effect. Determines initial safety criticality. |
| Probability Target | Enumeration | See application | Required probability quantification per ARP 4761: Extremely Improbable (<10⁻⁹), Extremely Remote (<10⁻⁷), Remote (<10⁻⁵), or Reasonably Probable. Paired with severity. |
| DAL Level | Enumeration | Auto-calculated | Design Assurance Level (DAL A–E) allocated per classification. Auto-formula maps: Catastrophic→DAL A, Hazardous→DAL B, Major→DAL C, Minor→DAL D, No Safety Effect→DAL E. |
The DAL column uses a JavaScript formula to automatically assign DAL based on the Severity Classification field. The mapping implements ARP 4761 standard classification-to-DAL correspondence. Manual override is permitted if safety engineering justifies a different allocation.

Safety Requirements Allocation

| Column | Type | Default | Description |
|---|---|---|---|
| Safety Requirement ID | Text | (as assigned) | Identifier of the safety requirement derived from the failure condition (e.g., SR-001). Created and tracked as a safetyRequirement work item type. |
| Safety Requirement Title | Text | (required) | Descriptive title of the safety requirement that mitigates or eliminates the failure condition. |
| Safety Requirement DAL | Enumeration | Inherited | DAL level of the allocated safety requirement. Typically matches or inherits from the failure condition DAL. |

The FHA-to-safety-requirement relationship is the foundation of the ARP 4761 safety case. Each failure condition must allocate at least one safety requirement. This establishes bidirectional traceability: failure conditions ↔ safety requirements.

Verification Status

| Column | Type | Default | Description |
|---|---|---|---|
| Verification Status | Enumeration | Open | Tracks evidence collection and approval state: Open (red), In Progress (yellow), Completed (green), Verified (dark green). Progresses as safety requirements are implemented and verified. |

Color-Coded Visual Conventions

The FHA risksheet uses consistent ARP 4761-standard color coding across classification and DAL columns:
| Severity Level | Color | RGB / Hex | Risk Profile |
|---|---|---|---|
| Catastrophic | Red | #e53935 | Aircraft or personnel loss; uncontrollable |
| Hazardous | Orange | #fb8c00 | Major injury; significant degradation |
| Major | Yellow | #fbc02d | Moderate injury; noticeable degradation |
| Minor | Green | #43a047 | Minor injury; minor system effect |
| No Safety Effect | Grey | #78909c | No safety impact; possible operational impact |
The row header in the risksheet adopts the classification color, providing visual emphasis. The DAL column uses the same color scheme, ensuring visual consistency between classification and allocated DAL.
<svg viewBox="0 0 500 200" xmlns="http://www.w3.org/2000/svg" style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; max-width: 100%;">
  <defs>
    <filter id="shadow" x="-50%" y="-50%" width="200%" height="200%">
      <feDropShadow dx="0" dy="2" stdDeviation="3" flood-opacity="0.15"/>
    </filter>
    <marker id="arrowhead" markerWidth="10" markerHeight="10" refX="9" refY="3" orient="auto">
      <polygon points="0 0, 10 3, 0 6" fill="#607d8b"/>
    </marker>
  </defs>
  
  <!-- Classification boxes -->
  <rect x="20" y="20" width="90" height="60" rx="6" fill="#e53935" filter="url(#shadow)"/>
  <text x="65" y="55" text-anchor="middle" font-size="12" font-weight="600" fill="#fff">Catastrophic</text>
  
  <rect x="130" y="20" width="90" height="60" rx="6" fill="#fb8c00" filter="url(#shadow)"/>
  <text x="175" y="55" text-anchor="middle" font-size="12" font-weight="600" fill="#fff">Hazardous</text>
  
  <rect x="240" y="20" width="90" height="60" rx="6" fill="#fbc02d" filter="url(#shadow)"/>
  <text x="285" y="55" text-anchor="middle" font-size="12" font-weight="600" fill="#263238">Major</text>
  
  <rect x="350" y="20" width="90" height="60" rx="6" fill="#43a047" filter="url(#shadow)"/>
  <text x="395" y="55" text-anchor="middle" font-size="12" font-weight="600" fill="#fff">Minor</text>
  
  <!-- Arrow down -->
  <line x1="65" y1="85" x2="65" y2="110" stroke="#607d8b" stroke-width="2" marker-end="url(#arrowhead)"/>
  <line x1="175" y1="85" x2="175" y2="110" stroke="#607d8b" stroke-width="2" marker-end="url(#arrowhead)"/>
  <line x1="285" y1="85" x2="285" y2="110" stroke="#607d8b" stroke-width="2" marker-end="url(#arrowhead)"/>
  <line x1="395" y1="85" x2="395" y2="110" stroke="#607d8b" stroke-width="2" marker-end="url(#arrowhead)"/>
  
  <!-- DAL allocations -->
  <rect x="20" y="120" width="90" height="60" rx="6" fill="#e53935" filter="url(#shadow)"/>
  <text x="65" y="145" text-anchor="middle" font-size="12" font-weight="600" fill="#fff">DAL A</text>
  <text x="65" y="165" text-anchor="middle" font-size="10" fill="#fff">(Catastrophic)</text>
  
  <rect x="130" y="120" width="90" height="60" rx="6" fill="#fb8c00" filter="url(#shadow)"/>
  <text x="175" y="145" text-anchor="middle" font-size="12" font-weight="600" fill="#fff">DAL B</text>
  <text x="175" y="165" text-anchor="middle" font-size="10" fill="#fff">(Hazardous)</text>
  
  <rect x="240" y="120" width="90" height="60" rx="6" fill="#fbc02d" filter="url(#shadow)"/>
  <text x="285" y="145" text-anchor="middle" font-size="12" font-weight="600" fill="#263238">DAL C</text>
  <text x="285" y="165" text-anchor="middle" font-size="10" fill="#263238">(Major)</text>
  
  <rect x="350" y="120" width="90" height="60" rx="6" fill="#43a047" filter="url(#shadow)"/>
  <text x="395" y="145" text-anchor="middle" font-size="12" font-weight="600" fill="#fff">DAL D</text>
  <text x="395" y="165" text-anchor="middle" font-size="10" fill="#fff">(Minor)</text>
</svg>

Classification-to-DAL Auto-Formula

The FHA risksheet uses an automatic formula to allocate DAL based on the severity classification, implementing the standard ARP 4761 mapping:
| Severity Classification | Mapped DAL | Formula Logic |
|---|---|---|
| Catastrophic | DAL A | Highest assurance; highest-risk failures |
| Hazardous | DAL B | Intermediate-high assurance |
| Major | DAL C | Intermediate assurance |
| Minor | DAL D | Lower assurance; lower-risk failures |
| No Safety Effect | DAL E | Minimal assurance; non-safety-critical |
The exact formula implementation (JavaScript variable names, case sensitivity) should be verified in the risksheet.json configuration attached to the FHA template module. The mapping above represents the semantic intent from ARP 4761.
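A defensive form of this mapping, added here as an example and not the formula shipped in risksheet.json: it treats an unrecognised severity as "not auto-assigned" rather than defaulting to DAL E, flags (but does not reject) a manual DAL override, and also checks the severity/probability pairing and safety requirement DAL inheritance described in the column tables above. The row field names (severityClassification, probabilityTarget, dalLevel, srDal) are assumptions.

```javascript
// Added example (not the risksheet.json formula); row field names are assumed.
const SEVERITY_TO_DAL = {
  "catastrophic": "DAL A",
  "hazardous": "DAL B",
  "major": "DAL C",
  "minor": "DAL D",
  "no safety effect": "DAL E",
};
// Probability target paired with each severity (from the column table above).
const SEVERITY_TO_PROBABILITY = {
  "catastrophic": "Extremely Improbable",
  "hazardous": "Extremely Remote",
  "major": "Remote",
  "minor": "Reasonably Probable",
};
const DAL_RANK = { "DAL A": 0, "DAL B": 1, "DAL C": 2, "DAL D": 3, "DAL E": 4 };

// Normalise enumeration text so a case or spacing difference cannot silently
// drop a row out of the mapping.
function normalize(value) {
  return String(value ?? "").trim().toLowerCase().replace(/\s+/g, " ");
}

// Auto-calculated DAL, or null for a severity outside the five ARP 4761 classes;
// null (rather than a default of DAL E) forces review instead of under-assuring.
function dalForSeverity(severity) {
  return SEVERITY_TO_DAL[normalize(severity)] ?? null;
}

// Checks one row: stored DAL vs auto-formula (override flagged, not rejected),
// probability pairing, and that the allocated safety requirement never inherits
// a weaker DAL than its failure condition. Returns a list of findings.
function checkRow(row) {
  const findings = [];
  const sev = normalize(row.severityClassification);
  const autoDal = dalForSeverity(sev);
  if (autoDal === null) {
    findings.push(`unknown severity "${row.severityClassification}"; DAL not auto-assigned`);
    return findings;
  }
  if (row.dalLevel && row.dalLevel !== autoDal) {
    findings.push(`manual override ${row.dalLevel} (auto-formula gives ${autoDal}); justification required`);
  }
  const expected = SEVERITY_TO_PROBABILITY[sev];
  if (expected && row.probabilityTarget !== expected) {
    findings.push(`probability target "${row.probabilityTarget}" should be ${expected}`);
  }
  const fcDal = row.dalLevel || autoDal;
  if (row.srDal && DAL_RANK[row.srDal] > DAL_RANK[fcDal]) {
    findings.push(`safety requirement DAL ${row.srDal} weaker than failure condition DAL ${fcDal}`);
  }
  return findings;
}
```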

FHA Analysis Views

The FHA risksheet supports four guided views for different workflow phases:

View 1: Full Analysis

Complete columnar view of all failure conditions, classifications, DAL allocations, and safety requirement assignments. Used for comprehensive hazard analysis and documentation.

View 2: Classification Summary

Focused view emphasizing severity classification and probability targets. Highlights the classification decision process and justification.

View 3: Safety Objectives (Requirements Allocation)

Dedicated view for allocating safety requirements to failure conditions. Shows the traceability chain from failure condition → safety requirement with inherited DAL.

View 4: Traceability

Comprehensive traceability view showing the complete safety case chain: failure condition → classification → DAL → allocated safety requirement → verification evidence.
Typically, FHA analysis progresses: View 1 (Identify) → View 2 (Classify) → View 3 (Allocate SR) → View 4 (Verify). Each view presents columns optimized for that analysis phase.

Verification Status Progression

Safety requirements in the FHA follow a four-state verification workflow:

| Status | Color | Meaning | Next Step |
|---|---|---|---|
| Open | Red | Safety requirement not yet addressed | Assign to safety engineer or design team |
| In Progress | Yellow | Evidence collection underway | Complete testing or analysis; gather evidence |
| Completed | Green | Evidence collected; pending approval | Review and approve by qualified engineer |
| Verified | Dark Green | Approved; verified for certification | No further action required |

Document Context and Instantiation

The FHA risksheet is instantiated once per project as the FHA document (e.g., FCC System Functional Hazard Assessment). The risksheet template includes:
  • Risk type: failureCondition
  • Task type: safetyRequirement
  • Link role: allocatesTo (failure condition allocates to safety requirement)
  • Hierarchy: Function → Failure Condition → Detail (3-level)
The systemElementId binding and document space location should be confirmed in the project’s FHA template module (e.g., modules/RiskTemplates/FHATemplate/module.xml).

Integration with Other Analysis Documents

The FHA is the entry point for ARP 4761 safety assessment. Its outputs feed downstream analysis:
  • Preliminary System Safety Assessment (PSSA): Accepts failure conditions and allocated safety requirements; develops detailed mitigation strategies.
  • System FMEA (SFMEA): Analyzes failure modes per customer requirement; links to failure conditions via the causes role.
  • Design FMEA (DFMEA): Analyzes failure modes per design characteristic; traces upstream to SFMEA.
FHA is the highest-level safety analysis. Downstream documents (PSSA, SFMEA, DFMEA) must remain traceable to FHA-allocated safety requirements. Breaking this traceability chain invalidates the safety case.

Custom Fields and Metadata

The FHA risksheet stores analysis metadata in standard work item custom fields. The complete list of custom fields on the failureCondition and safetyRequirement work item types should be reviewed in the project's custom-fields.xml configuration.

Sources

  • FHA Template Configuration: modules/RiskTemplates/FHATemplate/attachments/risksheet.json
  • FHA Instance (Aero1 Project): modules/Risks/FHA-SYS-001/module.xml (observed via UI walkthrough)
  • ARP 4761 Standard: Failure Condition Classification (Catastrophic, Hazardous, Major, Minor, No Safety Effect) and DAL mapping